Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it possible to create a dashboard with chart where a value is configurable by the user

oriches
Explorer
‎07-08-2013 06:17 AM

I want to create a dashboard where I can change the 'SessionId' in the following query, ideally I want to be able to select one from a dropdown list and the chart would refresh.

host="jedi-sit2" SessionId=7e88e1f8-f06c-4950-bedc-97b2ad51d0e6 | timechart mode(ui_process_memory)

Is this possible?

Reply
1 Solution
Solved! Jump to solution
Solution

nfilippi_splunk
Splunk Employee
Splunk Employee
‎07-08-2013 08:23 AM

You can achieve this through simple xml forms. Here's an example of what it might look like, where there is a dropdown of available session ids that is populated by a Splunk search.

For more information/examples on forms, here's a link to the docs:
http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampleform

<form>
  <label>session_id_search</label>
  <fieldset>
      <input type="dropdown" token="session_id">
          <label>Session ID:</label>
          <populatingSearch fieldForValue="SessionID" fieldForLabel="SessionID" earliest="-7d@d" latest="now">host="jedi-sit2"
| dedup SessionID</populatingSearch>
      </input>
  </fieldset>
  <row>
    <chart>
      <searchString>host="jedi-sit2" SessionId="$session_id$" | timechart mode(ui_process_memory)</searchString>
      <title>Memory Usage</title>
      <option name="charting.chart">line</option>
      <earliestTime>-7d@d</earliestTime>
      <latestTime>now</latestTime>
    </chart>
  </row>
</form>

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sideview
SplunkTrust
SplunkTrust
‎07-09-2013 01:24 AM

Note that the latest Sideview Utils is 2.5 and while it's also available under a free license, you have to get it from the Sideview site at http://sideviewapps.com/apps/sideview-utils/ The LGPL version linked to is a much older version (1.3.5). There have been an enormous number of improvements, new features and bugfixes since 1.3.5 so make sure you're on the latest.

0 Karma
Reply
Solved! Jump to solution
Solution

nfilippi_splunk
Splunk Employee
Splunk Employee
‎07-08-2013 08:23 AM

You can achieve this through simple xml forms. Here's an example of what it might look like, where there is a dropdown of available session ids that is populated by a Splunk search.

For more information/examples on forms, here's a link to the docs:
http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampleform

<form>
  <label>session_id_search</label>
  <fieldset>
      <input type="dropdown" token="session_id">
          <label>Session ID:</label>
          <populatingSearch fieldForValue="SessionID" fieldForLabel="SessionID" earliest="-7d@d" latest="now">host="jedi-sit2"
| dedup SessionID</populatingSearch>
      </input>
  </fieldset>
  <row>
    <chart>
      <searchString>host="jedi-sit2" SessionId="$session_id$" | timechart mode(ui_process_memory)</searchString>
      <title>Memory Usage</title>
      <option name="charting.chart">line</option>
      <earliestTime>-7d@d</earliestTime>
      <latestTime>now</latestTime>
    </chart>
  </row>
</form>
0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎07-08-2013 07:05 AM

http://splunk-base.splunk.com/apps/36405/sideview-utils-lgpl.

Please see the usage terms and conditions. But for reference it's the best

0 Karma
Reply
Solved! Jump to solution

oriches
Explorer
‎07-08-2013 06:50 AM

Where can I find out more about 'Sideview Utils'?

We have a licensed version of splunk

0 Karma
Reply
Solved! Jump to solution

aholzer
Motivator
‎07-08-2013 06:45 AM

As @linu1988 said, Sideview Utils is a really powerful tool that you can use to make sophisticated dashboards and I highly recommend it.

If you are looking for something quicker, you may want to look into the Splunk views called "forms" that come included in the base splunk. They allow you to define dashboards with user inputs.

Sideview Utils has tools that allow you to do the same thing, and in the long term is a better/more robust solution, but if you are just looking for a quick answer, the keyword you are looking for is "form". "Splunk form".

0 Karma
Reply
Solved! Jump to solution

linu1988
Champion
‎07-08-2013 06:31 AM

Please refer to Splunk UI examples APP / Sideview Utils APP.
You can create dashboards with pulldown /dropdown modules to fill your session ids. Then pass the variable to the search in the dashboard panel. Thanks.

http://docs.splunk.com/Documentation/Splunk/latest/Viz/Exampledashboard

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...